
PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that...

Apr 26, 2017 Risk IR Number: FG-IR-17-014
An XSS vulnerability caused by the scrintf parameter input during Firewall Policy Creation can be exploited to load and run a...

Apr 19, 2017 Risk IR Number: FG-IR-17-017
The Site Publisher functionality of FortiWeb has been found vulnerable to a Cross-Site Scripting vulnerability via an improperly...

Apr 19, 2017 Risk IR Number: FG-IR-17-076
The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level...

Apr 12, 2017 Risk IR Number: FG-IR-17-097
A race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel may allow local users to obtain sensitive...

Apr 05, 2017 Risk IR Number: FG-IR-16-013
The first run of the FortiClient SSLVPN script results in the subproc file becoming a suid, root-owned binary. The issue lies...

Apr 05, 2017 Risk IR Number: FG-IR-16-041
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or...

Apr 05, 2017 Risk IR Number: FG-IR-16-069
Of multiple vulnerabilities released affecting Linux kernels through 4.6.3, FortiOS was found vulnerable to the following two: CVE-2016-3713, CVE-2016-5829

Apr 05, 2017 Risk IR Number: FG-IR-16-052
An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser...

Apr 04, 2017 Risk IR Number: FG-IR-17-011
net/ipv4/tcp_input.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, which makes...

Apr 04, 2017 Risk IR Number: FG-IR-16-047
The OpenSSL project released an advisory on Sept 22nd, 2016, describing 1 High, 1 Medium and 12 Low severity vulnerabilities,...

Apr 03, 2017 Risk IR Number: FG-IR-16-048
ntp released an announcement on 26th April 2016, describing 4 low and 7 medium severity vulnerabilities, as listed below: CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704...

Apr 03, 2017 Risk IR Number: FG-IR-16-035